Comparison of GnuPG & NAI/PGP features.

Simpson, Sam s.simpson@mia.co.uk
Fri, 7 Jan 2000 11:59:38 +0000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner,

Thanks for the quick answers.   See points in-text below.


> -----Original Message-----

> From: Werner Koch [mailto:wk@gnupg.org]

> Sent: 07 January 2000 11:48

> To: s.simpson@mia.co.uk

> Subject: Re: Comparison of GnuPG & NAI/PGP features.

> 

> 

> On Fri, 7 Jan 2000, Simpson, Sam wrote:

> 

> > I note that the GnuPG web page says: "Better functionality

than

> > PGP and some security enhancements.".  Apart from more

algorithms

> > & better ability to select algorithms, what does this

mean????

> 

> * You have the real source code and everone is able to build

the

>   executable from this source.  I am not sure whether you can

do 

>   this with the PGP books and noone can be sure that these

books

>   reflect the actual PGP executables delivered by NAI.


AFAIK the NAI distribution is just a build of the normal files. 
You can't do a byte-by-byte comparison of the executable though
because VC++ includes date/time stamps etc.


> * Stores secret keys in a memory area which will not be swapped

>   out to the disk. 


A sexy feature, to be sure.  I know the NAI/PGP Windows version
also includes this feature, but I'm not sure about the UNIX
versions...


> * All operations involving confidential material (session keys,

some

>   hashs, secret keys, intermediate results) are althoug done in

this

>   memory area.

> * It can use ElGamal for signing by creating all ElGamal keys

in a

>   secure way.  Uses this algorith even for DSA keys, just in

case.

>   I think PGP now uses the same Lim-Lee algorithm now and I am

not

>   sure whether this is at all an advantage.

> * It never uses any temporary files.

> * Has quite a lot of features you expect from a Unix tool.

> 

> > I have constructed a (very) small table to compare the

algorithms

> > available, it's at:

http://www.scramdisk.clara.net/compare.html 

> 

> Please get this Skipjack out of the list.  It whish I never

wrote this

> module - it used to be just an experiment.


ok.


> As I only have this 6.5.1 pgp here and it even refuses to

create keys

> with a message saying it can't open the keyrings  (although 

> strace show

> that it indeed opens them), I don't know what this SHA-1x is.


This is a "double-width" version of SHA-1, as per Hash Algorithm
ID 4 in [RFC2440].  PGP v5.x allowed the verification of
signatures using this scheme and some CKT versions allow you to
employ this hash as part of a signature.


Regards,

Sam Simpson
Communications Analyst
- -- http://www.scramdisk.clara.net/ for ScramDisk hard-drive
encryption & Delphi Crypto Components.  PGP Keys available at the
same site. 

-----BEGIN PGP SIGNATURE-----
Version: 6.0.2ckt http://members.tripod.com/IRFaiad/

iQA/AwUBOHXWCu0ty8FDP9tPEQJzTgCg5kbvgMIuZeUPF9DGJQIq0hVjF8oAoLfQ
eug6CilRpWeUSkeydaKfxOOR
=onlg
-----END PGP SIGNATURE-----